From 42f3b7cbcab156e89720e466043bfc89f9ed2e96 Mon Sep 17 00:00:00 2001
From: moneromooo-monero
Date: Tue, 3 Jul 2018 00:26:13 +0100
Subject: [PATCH 1/2] http_protocol_handler: catch invalid numbers when parsing
---
 .../epee/include/net/http_protocol_handler.inl | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl
index 0bdba0bfe..dc2c06972 100644
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@@ -328,8 +328,10 @@ namespace net_utils
 inline bool analize_http_method(const boost::smatch& result, http::http_method& method, int& http_ver_major, int& http_ver_minor)
 {
 CHECK_AND_ASSERT_MES(result[0].matched, false, "simple_http_connection_handler::analize_http_method() assert failed...");
- http_ver_major = boost::lexical_cast(result[11]);
- http_ver_minor = boost::lexical_cast(result[12]);
+ if (!boost::conversion::try_lexical_convert(result[11], http_ver_major))
+ return false;
+ if (!boost::conversion::try_lexical_convert(result[12], http_ver_minor))
+ return false;
 if(result[3].matched)
 method = http::http_method_options;
@@ -357,7 +359,12 @@ namespace net_utils
 boost::smatch result;
 if(boost::regex_search(m_cache, result, rexp_match_command_line, boost::match_default) && result[0].matched)
 {
- analize_http_method(result, m_query_info.m_http_method, m_query_info.m_http_ver_hi, m_query_info.m_http_ver_hi);
+ if (!analize_http_method(result, m_query_info.m_http_method, m_query_info.m_http_ver_hi, m_query_info.m_http_ver_hi))
+ {
+ m_state = http_state_error;
+ MERROR("Failed to analyze method");
+ return false;
+ }
 m_query_info.m_URI = result[10];
 if (!parse_uri(m_query_info.m_URI, m_query_info.m_uri_content))
 {
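Review bot: The two new `return false` paths in analize_http_method are silent and undocumented, so a reader cannot tell that they exist because groups 11 and 12 are peer-supplied `\d+` runs that may not fit in an `int`. I would add a comment above the first conversion, such as `// version digits come from the request line; reject values that do not fit in int instead of throwing`. http_ver_major has also already been overwritten when the minor conversion fails, so the function should document that neither output is valid after a false return. The rest of the function (method selection) continues outside the hunk.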
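Review bot: The rewritten call still passes `m_query_info.m_http_ver_hi` as both the major and the minor output, so the minor version overwrites the major one and the minor field is never filled in. The fourth argument should presumably be the minor-version member (likely `m_http_ver_lo`; confirm against the request-info struct, which is not visible here). Any later logic that branches on the HTTP version would then be working from the wrong number. handle_invoke_query_line starts and ends outside the hunk.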
@@ -554,7 +561,8 @@ namespace net_utils
 if(!(boost::regex_search( str, result, rexp_mach_field, boost::match_default) && result[0].matched))
 return false;
- len = boost::lexical_cast(result[0]);
+ try { len = boost::lexical_cast(result[0]); }
+ catch(...) { return false; }
 return true;
 }
 //-----------------------------------------------------------------------------------
From 0a4a7da35cd043411b5544440f996f588be1e892 Mon Sep 17 00:00:00 2001
From: moneromooo-monero
Date: Tue, 3 Jul 2018 00:27:08 +0100
Subject: [PATCH 2/2] http_protocol_handler: fix HTTP/x.y parsing
It was accepting any character for the dot (yeah, massive big I know)
---
 contrib/epee/include/net/http_protocol_handler.inl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl
index dc2c06972..76db5346f 100644
--- a/contrib/epee/include/net/http_protocol_handler.inl
+++ b/contrib/epee/include/net/http_protocol_handler.inl
@@ -353,7 +353,7 @@ namespace net_utils
 template bool simple_http_connection_handler::handle_invoke_query_line()
 {
- STATIC_REGEXP_EXPR_1(rexp_match_command_line, "^(((OPTIONS)|(GET)|(HEAD)|(POST)|(PUT)|(DELETE)|(TRACE)) (\\S+) HTTP/(\\d+).(\\d+))\r?\n", boost::regex::icase | boost::regex::normal);
+ STATIC_REGEXP_EXPR_1(rexp_match_command_line, "^(((OPTIONS)|(GET)|(HEAD)|(POST)|(PUT)|(DELETE)|(TRACE)) (\\S+) HTTP/(\\d+)\\.(\\d+))\r?\n", boost::regex::icase | boost::regex::normal);
 // 123 4 5 6 7 8 9 10 11 12
 //size_t match_len = 0;
 boost::smatch result;
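Review bot: `catch(...)` on the added line swallows every exception, not only the `boost::bad_lexical_cast` that an over-long digit run would raise, and it differs from the non-throwing conversion this same patch uses in analize_http_method. The guard can be written as `return boost::conversion::try_lexical_convert(result[0], len);`, replacing both the try/catch pair and the following `return true;`. The start of the function, including the regular expression that selects the digits, lies outside the hunk.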
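Review bot: With the dot now escaped, both version groups in rexp_match_command_line are still `(\\d+)`, so digit runs of any length pass the match and only the later integer conversion bounds them. RFC 7230 defines HTTP-version as one digit, a dot and one digit; if the older multi-digit form need not be supported, `HTTP/(\\d)\\.(\\d)` would reject malformed versions at the match itself. The `boost::regex::icase` flag on the same line also makes the method names and the `HTTP` token case-insensitive, which is worth confirming as intended. handle_invoke_query_line continues outside the hunk.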